{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48133?format=json","vulnerability_id":"VCID-6fxn-fbvc-gfh6","summary":"BBOT's gitlab.py exposes globally configured \"gitlab\" API key\nbbot's `gitlab.py` sends the user's \"gitlab\" API key to on-premise GitLab instances.\n\nIf a user has configured a gitlab.com API key using this mechanism, it may be leaked to an attacker-controlled server.","aliases":[{"alias":"CVE-2025-10282"},{"alias":"GHSA-p3v4-c93g-cmhw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/121416?format=json","purl":"pkg:pypi/bbot@2.7.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.2"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/514005?format=json","purl":"pkg:pypi/bbot@2.7.0.6919rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.0.6919rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895050?format=json","purl":"pkg:pypi/bbot@2.7.0.6925rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.0.6925rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895051?format=json","purl":"pkg:pypi/bbot@2.7.0.6930rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.0.6930rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895052?format=json","purl":"pkg:pypi/bbot@2.7.0.6932rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.0.6932rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895053?format=json","purl":"pkg:pypi/bbot@2.7.0.6948rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.0.6948rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895054?format=json","purl":"pkg:pypi/bbot@2.7.0.6962rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.0.6962rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895055?format=json","purl":"pkg:pypi/bbot@2.7.0.6989rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.0.6989rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895056?format=json","purl":"pkg:pypi/bbot@2.7.0.6995rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.0.6995rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895057?format=json","purl":"pkg:pypi/bbot@2.7.0.7002rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.0.7002rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895058?format=json","purl":"pkg:pypi/bbot@2.7.0.7010rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.0.7010rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895059?format=json","purl":"pkg:pypi/bbot@2.7.0.7014rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.0.7014rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895060?format=json","purl":"pkg:pypi/bbot@2.7.0.7023rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.0.7023rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895061?format=json","purl":"pkg:pypi/bbot@2.7.0.7027rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.0.7027rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895062?format=json","purl":"pkg:pypi/bbot@2.7.0.7090rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.0.7090rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895063?format=json","purl":"pkg:pypi/bbot@2.7.0.7092rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.0.7092rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895064?format=json","purl":"pkg:pypi/bbot@2.7.0.7094rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.0.7094rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895065?format=json","purl":"pkg:pypi/bbot@2.7.0.7096rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.0.7096rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895066?format=json","purl":"pkg:pypi/bbot@2.7.0.7098rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.0.7098rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895067?format=json","purl":"pkg:pypi/bbot@2.7.0.7100rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.0.7100rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895068?format=json","purl":"pkg:pypi/bbot@2.7.0.7108rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.0.7108rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895069?format=json","purl":"pkg:pypi/bbot@2.7.0.7112rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.0.7112rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895070?format=json","purl":"pkg:pypi/bbot@2.7.0.7116rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.0.7116rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895071?format=json","purl":"pkg:pypi/bbot@2.7.0.7136rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.0.7136rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895072?format=json","purl":"pkg:pypi/bbot@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/895073?format=json","purl":"pkg:pypi/bbot@2.7.1.7141rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.1.7141rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895074?format=json","purl":"pkg:pypi/bbot@2.7.1.7149rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.1.7149rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895075?format=json","purl":"pkg:pypi/bbot@2.7.1.7151rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.1.7151rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895076?format=json","purl":"pkg:pypi/bbot@2.7.1.7153rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.1.7153rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895077?format=json","purl":"pkg:pypi/bbot@2.7.1.7159rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.1.7159rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895078?format=json","purl":"pkg:pypi/bbot@2.7.1.7167rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.1.7167rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895079?format=json","purl":"pkg:pypi/bbot@2.7.1.7169rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.1.7169rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895080?format=json","purl":"pkg:pypi/bbot@2.7.1.7175rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.1.7175rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895081?format=json","purl":"pkg:pypi/bbot@2.7.1.7198rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.1.7198rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895082?format=json","purl":"pkg:pypi/bbot@2.7.1.7202rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.1.7202rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895083?format=json","purl":"pkg:pypi/bbot@2.7.1.7207rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.1.7207rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/895084?format=json","purl":"pkg:pypi/bbot@2.7.1.7212rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6fxn-fbvc-gfh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bbot@2.7.1.7212rc0"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10282","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08619","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08601","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08566","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08615","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08636","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10282"},{"reference_url":"https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-09T19:02:56Z/"}],"url":"https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper"},{"reference_url":"https://github.com/blacklanternsecurity/bbot","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/blacklanternsecurity/bbot"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10282","reference_id":"CVE-2025-10282","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10282"},{"reference_url":"https://github.com/advisories/GHSA-p3v4-c93g-cmhw","reference_id":"GHSA-p3v4-c93g-cmhw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p3v4-c93g-cmhw"},{"reference_url":"https://github.com/blacklanternsecurity/bbot/security/advisories/GHSA-p3v4-c93g-cmhw","reference_id":"GHSA-p3v4-c93g-cmhw","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/blacklanternsecurity/bbot/security/advisories/GHSA-p3v4-c93g-cmhw"}],"weaknesses":[{"cwe_id":200,"name":"Exposure of Sensitive Information to an Unauthorized Actor","description":"The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"4.0 - 6.9","exploitability":"0.5","weighted_severity":"6.2","risk_score":3.1,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6fxn-fbvc-gfh6"}